Unable to see logs for firewall rules?

Trying to see logs for the firewall. Basically I need to fix two issues.

  1. Firewall doesn’t seem to be working. I set the action to drop for 8096, yet it’s still working fine from outside > inside my network.
  2. I’m trying to get port 80 to point to a server, yet it’s not working. Which baffles me. I’ve been tinkering with it for days but I feel like there’s probably some basic thing I’m missing…

And the logs don’t seem to have records for anything regarding firewall, only DNS and DHCP…

Any ideas?

vyos.txt (11.2 KB)

Well, now I have somehow made all inbound connections point to 8096 to a different server somehow… I’ve royally messed something up…

You have a firewall named OUTSIDE-IN but you don’t reference it anywhere. It’s all alone. You need to jump to it probably from your forward statement.

So add something like this? I’m guessing in a rule that is before rule 5. So let’s say rule 1.

    rule 1 {
        action jump
        inbound-interface {
            name eth1
        }
        jump-target OUTSIDE-IN
    }

Yes, exactly like that.
And then tune/tweak as you require.

Okay, so I’m seeing logs, so I’m guessing the way logging works is only if it actually blocks anything, and not any and all firewall interactions?

Any way I can try to figure out why port 80 isn’t pointing to my server/NAS?

It depends on how you have logging set up. You can log every single packet if you want, but I wouldn’t suggest doing that. You didn’t post your updated config, so it’s hard to answer. However, the way the rules you initially posted are set up, rule 10, which accepts all established traffic, is set not to log. You have “default-log”, which means it’ll log packets that hit the default policy, which is deny. So you’d only be seeing packets that are denied or hit a rule with a log action.

Running tcpdump on your eth1 to verify packets are coming in (so many carriers use CGNAT) would be the best start, then working your way from there. Looking at your rules in your initial post, I can’t see obviously why it wouldn’t be working.
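
The tcpdump check suggested above, as an added example that is not part of the thread: it reads the text output of `tcpdump -nni eth1 tcp port 80` and separates "nothing arrives" (with a CGNAT check on the WAN address) from "SYNs arrive but are never answered". The function names, verdict strings and sample addresses are assumptions made for the example.

```python
import ipaddress
import re

# Text output of: tcpdump -nni eth1 tcp port 80
# "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def is_cgnat(addr):
    """True if the address the WAN interface holds is carrier-grade NAT space."""
    return ipaddress.ip_address(addr) in CGNAT


def triage(capture, wan_ip, port):
    """Classify a WAN-side capture for one forwarded TCP port."""
    syn = synack = 0
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst == wan_ip and int(dport) == port and flags == "S":
            syn += 1      # connection attempt arriving from outside
        elif src == wan_ip and int(sport) == port and flags == "S.":
            synack += 1   # reply from the internal server, already un-NATed
    if syn == 0:
        # Nothing reached the router: upstream problem, CGNAT being a common one.
        return "cgnat" if is_cgnat(wan_ip) else "no-inbound"
    # SYNs arrive: either they are answered, or firewall/NAT/server drops them.
    return "answered" if synack else "unanswered"


# Constructed sample captures (documentation addresses, not from the thread).
DROPPED = """\
12:00:01.000000 IP 203.0.113.7.51514 > 198.51.100.2.80: Flags [S], seq 1, win 64240, length 0
12:00:02.000000 IP 203.0.113.7.51514 > 198.51.100.2.80: Flags [S], seq 1, win 64240, length 0
"""
WORKING = DROPPED + (
    "12:00:02.000100 IP 198.51.100.2.80 > 203.0.113.7.51514: "
    "Flags [S.], seq 9, ack 2, win 65160, length 0\n"
)

if __name__ == "__main__":
    print(triage(DROPPED, "198.51.100.2", 80))   # SYNs seen, no reply
    print(triage(WORKING, "198.51.100.2", 80))   # handshake answered
    print(triage("", "100.72.10.5", 80))         # silent capture on a CGNAT address
```

An "unanswered" verdict points at the firewall, the destination NAT rule or the server itself; "cgnat" or "no-inbound" means the traffic never reached eth1, so no rule change on the router will help.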

https://hub.docker.com/r/ibehren1/fw-gui

GUI for building firewall configurations.
